Verizon: Today’s enterprises are becoming more and more aware that cybercrime will have an impact on the company’s reputation and infringe on the bottom line of the company.
- Apple Safari browser will no longer accept new HTTPS Certificates with a validity period of more than 398 days
- The Shadow Brokers using Pakistani Cyber Security Software
- 5 WAYS to stand out in an Interview Job in the field of Information Security
- IT Specialist Copied Russian Railway Employees Data and Post It on Internet
- New York Police Department (NYPD) Networks Get Infected with Ransomware
Verizon’s successive annual reports, such as Data Theft Investigation Report 2019 and Internal Threat Report, continue to remind companies to strengthen the detection and prevention of cyber threat trends. Information about the state of cyber threats is important, but companies still need to prepare more comprehensive solutions to network security incidents.
During 2016-2018, Verizon conducted customer response (IR) program evaluation and data leakage simulation tests for customers. Through a summary and research of the three-year data, the Verizon Accident Preparation and Response Report (VIPR Report) provides strategic guidance for companies to develop efficient and viable IR solutions. The six standard stages of dealing with accidents Verizon experts have developed an IR plan for the company to summarize its six standard stages, including key points to help companies better understand and implement.
The summary is as follows:
1. Planning and preparation – including the construction of IR solutions that include key internal stakeholders and third parties, which is critical to effectively responding to incidents.
2. Monitoring and Validation – Monitor cybersecurity incidents and categorize incidents based on severity and source at an early stage of the IR process.
3. Control and Elimination – Focus on controlling and eliminating cybersecurity threats.
4. Collect and Analyze – Collect and analyze relevant evidence to help companies gain a deeper understanding of cybersecurity incidents, while also helping and supporting effective control of data breaches, cyber threats, post-mortem remediation, and remediation efforts.
5. Remediation and Remediation – Provides remediation and remediation measures; specifically, these measures not only ensure that business operations are back to normal but also help companies prevent or mitigate future threats.
6. Assessment and Adjustment – Update the experience summarized in the incident to the IR program to optimize cybersecurity metrics, strengthen security controls, and better guide practices.
Verizon points out that many companies believe that having an IR solution for filing means they are ready for potential cyber-attacks. However, under normal circumstances, these programs have not been activated and updated all year-round and are not sufficient to deal with current network incidents. In addition, having an outdated solution is like having no preparation. The IR program should be considered an “active document” that is regularly updated and applied to simulate leak scenarios for testing and practice to ensure the effectiveness of the program. Verizon also pointed out that the IR solution can be continuously updated and self-improved by adopting feedback from stakeholders, summarizing the experience of data leakage simulation testing, and in-depth analysis of current network strategies, so as to adapt to the ever-changing network security landscape.
Verizon’s VIPR report also includes five “data leak simulation suites” consisting of real-world scenarios to help companies and their stakeholders conduct accident simulation exercises to continuously improve their IR solutions. Real-world scenarios include internal encryption hijacking threats, malware attacks, cyber espionage, and cyber attacks related to the cloud environment.
Author: Verizon president director of Threat Research Consulting Center Ashish Thapar